PowerGhost：一款在野的多功能挖矿恶意软件分析

PGRpdiBjbGFzcz0idGl0bGUgY2xlYXJmaXgiPjxkaXYgY2xhc3M9InByb3BlcnR5Ij4mbmJzcDsmbmJzcDsgJm5ic3A7ICZuYnNwOyZuYnNwOyA8YnIvPjwvZGl2PjwvZGl2PjxkaXYgaWQ9ImNvbnRlbnR0eHQiPjxwPjxhIGhyZWY9Imh0dHA6Ly9pbWFnZS4zMDAxLm5ldC9pbWFnZXMvMjAxODA4MjAvMTUzNDcwNzYyNV81Yjc5YzdhOWE3M2YxLnBuZyIgY2xhc3M9ImhpZ2hzbGlkZS1pbWFnZSIgdGFyZ2V0PSJfYmxhbmsiPjxpbWcgYWx0PSIxLnBuZyIgc3JjPSJodHRwOi8vaW1hZ2UuMzAwMS5uZXQvaW1hZ2VzLzIwMTgwODIwLzE1MzQ3MDc2MjVfNWI3OWM3YTlhNzNmMS5wbmchc21hbGwiIHN0eWxlPSJkaXNwbGF5OiBibG9jazsiIHdpZHRoPSI2OTAiLz48L2E+PC9wPjxwPjxzdHJvbmcgc3R5bGU9ImNvbG9yOiByZ2IoMCwgMTc2LCA4MCk7Ij7ov5HmnJ/vvIzljaHlt7Tmlq/ln7rlrp7pqozlrqTnmoTmo4DmtYvpm7fovr7lj5HnjrDkuobkuIDmrL7pnZ7luLjmnInmhI/mgJ3nmoTmgbbmhI/mjJbnn7/ova/ku7bvvIzor6XmgbbmhI/ova/ku7blkI3lj6tQb3dlckdob3N077yM5a6D5Zyo5oSf5p+T5LqG55uu5qCH5Li75py65LmL5ZCO5LiN5LuF5Y+v5Lul5oKE5oKE5Zyo5ZCO5Y+w5oyW55+/77yM6ICM5LiU6L+Y6IO95aSf5oSf5p+T5LyB5Lia5aSn5Z6L572R57uc5YaF55qE5YW25LuW5Li75py677yM5YyF5ous5bel5L2c56uZ5ZKM5pyN5Yqh5Zmo562J562J44CCPC9zdHJvbmc+PC9wPjxwPuavq+aXoOeWkemXru+8jOWvueS6juaUu+WHu+iAheadpeivtO+8jOiiq+aEn+afk+eahOiuvuWkh+aVsOmHj+i2iuWkmu+8jOmpu+eVmeeahOaXtumXtOi2iumVv++8jOS7luS7rOeahOWIqea2puS5n+Wwsei2iuWkp+OAguWboOatpO+8jOaIkeS7rOe7j+W4uOS8mueci+WIsOW+iOWkmuWQiOazlei9r+S7tuiiq+aMluefv+i9r+S7tuaEn+afk++8jOWboOS4uuaUu+WHu+iAheWPr+S7peWIqeeUqOWQiOazlei9r+S7tuadpeS8oOaSreiHquW3seeahOaBtuaEj+i9r+S7tuOAguS9humcgOimgeazqOaEj+eahOaYr++8jFBvd2VyR2hvc3TnmoTlvIDlj5HogIXmm7TmnInliJvmlrDlipvvvIzlm6DkuLrku5bku6zlt7Lnu4/lvIDlp4vkvb/nlKjml6Dmlofku7bmioDmnK/mnaXlnKjnm67moIfns7vnu5/kuK3lrp7njrDmgbbmhI/mjJbnn7/ova/ku7bmhJ/mn5PkuobjgILnlLHmraTnnIvmnaXvvIzliqDlr4botKfluIHnmoTmtYHooYzku6Xlj4rku7fmoLznmoTkuI3mlq3lop7plb/vvIzlt7Lnu4/lvIDlp4vorqnlvojlpJrnvZHnu5zniq/nvarliIblrZDmipXouqvkuo7mgbbmhI/mjJbnn7/mioDmnK/kuobjgILmraPlpoLljaHlt7Tmlq/ln7rlrp7pqozlrqTnmoTosIPmn6XmlbDmja7kuIDmoLfvvIzmgbbmhI/mjJbnn7/ova/ku7bmraPlnKjpgJDmraXlj5bku6Pli5LntKLova/ku7bnmoTlnLDkvY3jgII8L3A+PGgyPuaKgOacr+WIhuaekOWPiuS8oOaSremAlOW+hDwvaDI+PHA+UG93ZXJHaG9zdOWFtuWunuaYr+S4gOS4que7j+i/h+S6hua3t+a3huWkhOeQhueahFBvd2VyU2hlbGzohJrmnKzvvIzlhbbkuK3ljIXlkKvnmoTmoLjlv4Pnu4Tku7bmnInvvJrmjJbnn7/kuLvnqIvluo/jgIFtaW1pa2F0euOAgeS4gOS4queUqOS6juWunueOsOWPjeWwhFBF5rOo5YWl55qE5qih5Z2X44CB55So5LqO5Yip55SoRXRlcm5hbEJsdWXmvI/mtJ7nmoRTaGVsbENvZGXku6Xlj4rnm7jlhbPnmoTkvp3otZblupPvvIhtc3ZjcDEyMC5kbGzlkoxtc3ZjcjEyMC5kbGzvvInjgILkuIvpnaLnu5nlh7rnmoTmmK/pg6jliIbku6PnoIHniYfmrrXvvJo8L3A+PHA+PGEgaHJlZj0iaHR0cDovL2ltYWdlLjMwMDEubmV0L2ltYWdlcy8yMDE4MDgyMC8xNTM0NzA3NjMyXzViNzljN2IwOTY3MzUucG5nIiBjbGFzcz0iaGlnaHNsaWRlLWltYWdlIiB0YXJnZXQ9Il9ibGFuayI+PGltZyBhbHQ9IjIucG5nIiBzcmM9Imh0dHA6Ly9pbWFnZS4zMDAxLm5ldC9pbWFnZXMvMjAxODA4MjAvMTUzNDcwNzYzMl81Yjc5YzdiMDk2NzM1LnBuZyFzbWFsbCIgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyIgd2lkdGg9IjY5MCIvPjwvYT48L3A+PHA+6YeH55SoQmFzZTY057yW56CB55qE5o+S5Lu25qih5Z2X5Luj56CB77yaPC9wPjxwPjxhIGhyZWY9Imh0dHA6Ly9pbWFnZS4zMDAxLm5ldC9pbWFnZXMvMjAxODA4MjAvMTUzNDcwNzYzN181Yjc5YzdiNTc3NjAyLnBuZyIgY2xhc3M9ImhpZ2hzbGlkZS1pbWFnZSIgdGFyZ2V0PSJfYmxhbmsiPjxpbWcgYWx0PSIzLnBuZyIgc3JjPSJodHRwOi8vaW1hZ2UuMzAwMS5uZXQvaW1hZ2VzLzIwMTgwODIwLzE1MzQ3MDc2MzdfNWI3OWM3YjU3NzYwMi5wbmchc21hbGwiIHN0eWxlPSJkaXNwbGF5OiBibG9jazsiIHdpZHRoPSI1MDIiLz48L2E+PC9wPjxwPui/measvuaBtuaEj+i9r+S7tuS9v+eUqOS6huWQhOenjeaXoOaWh+S7tuaKgOacr+adpemakOiXj+iHquW3seeahOa0u+WKqOi4qui/ue+8jOW5tuWIqeeUqOa8j+a0nuWSjOi/nOeoi+euoeeQhuW3peWFt++8iFdpbmRvd3PnrqHnkIblt6XlhbfvvInmnaXov5znqIvmhJ/mn5Pnm67moIforr7lpIfjgILlnKjlrp7njrDmhJ/mn5PnmoTov4fnqIvkuK3vvIzmgbbmhI/ova/ku7bkvJrov5DooYzkuIDkuKpQb3dlclNoZWxs6ISa5pys77yM5LiL6L295LqG5oyW55+/5Li756iL5bqP5LmL5ZCO77yM6ISa5pys5Lya56uL5Y2z5ZCv5Yqo5oG25oSP6L2v5Lu277yM6ICM5LiN5piv55u05o6l5bCG5YW25a2Y5YWl5Li75py655qE56Gs55uY5Lit44CCPC9wPjxoMz7mgbbmhI/ohJrmnKznmoTov5DooYzliIbkuLrku6XkuIvlh6DkuKrpmLbmrrXvvJo8L2gzPjxwPjxzdHJvbmc+6Ieq5Yqo5pu05paw77yaPC9zdHJvbmc+UG93ZXJHaG9zdOS8muWumuacn+ajgOafpUMmQ+acjeWKoeWZqOaYr+WQpuacieaWsOeJiOacrO+8jOacieWImeiHquWKqOS4i+i9veW5tuWunueOsOabtOaWsO+8jOiAjOS4jeS8muWQr+WKqOS5i+WJjeeahOeJiOacrOOAgjwvcD48cD48YSBocmVmPSJodHRwOi8vaW1hZ2UuMzAwMS5uZXQvaW1hZ2VzLzIwMTgwODIwLzE1MzQ3MDc2NDdfNWI3OWM3YmYyNzk4MC5wbmciIGNsYXNzPSJoaWdoc2xpZGUtaW1hZ2UiIHRhcmdldD0iX2JsYW5rIj48aW1nIGFsdD0iNC5wbmciIHNyYz0iaHR0cDovL2ltYWdlLjMwMDEubmV0L2ltYWdlcy8yMDE4MDgyMC8xNTM0NzA3NjQ3XzViNzljN2JmMjc5ODAucG5nIXNtYWxsIiBzdHlsZT0iZGlzcGxheTogYmxvY2s7IiB3aWR0aD0iNjkwIi8+PC9hPjwvcD48cD48c3Ryb25nPuS8oOaSre+8mjwvc3Ryb25nPuWcqG1pbWlrYXR655qE5biu5Yqp5LiL77yM5oG25oSP6L2v5Lu25Lya5pS26ZuG5Y+X5oSf5p+T57O757uf55qE55So5oi35Yet6K+B77yM54S25ZCO5a6M5oiQ55m75b2V5bm26YCa6L+HV01J5Zyo5pys5Zyw572R57uc5Lit5Lyg5pKt5oG25oSP6L2v5Lu25Ymv5pys44CC6Zmk5q2k5LmL5aSW77yMUG93ZXJHaG9zdOi/mOS8muWIqeeUqOiHreWQjeaYreiRl+eahEV0ZXJuYWxCbHVl5ryP5rSe77yITVMxNy0wMTAsCiBDVkUtMjAxNy0wMTQ077yJ5Zyo5pys5Zyw572R57uc5Lit5a6e546w5oG25oSP6L2v5Lu25Lyg5pKt44CCPC9wPjxwPjxzdHJvbmc+5o+Q5p2D77yaPC9zdHJvbmc+5oSf5p+T6K6+5aSH5ZCO77yMUG93ZXJHaG9zdOS8muWIqeeUqOa8j+a0nk1TMTYtMDMy44CBTVMxNS0wNTHlkoxDVkUtMjAxOC04MTIw5p2l5Zyo55uu5qCH6K6+5aSH5LiK5a6e546w5o+Q5p2D44CCPC9wPjxwPjxzdHJvbmc+5oyB5LmF5YyW5oSf5p+T77yaPC9zdHJvbmc+UG93ZXJHaG9zdOS8muWwhuaJgOacieaooeWdl+WtmOWCqOS4uldNSeexu++8jOaMluefv+S4u+S9k+S8muS7pVBvd2VyU2hlbGzohJrmnKznmoTlvaLlvI/lrZjlgqjvvIzmr485MOWIhumSn+a/gOa0u+S4gOasoeOAgjwvcD48cD48YSBocmVmPSJodHRwOi8vaW1hZ2UuMzAwMS5uZXQvaW1hZ2VzLzIwMTgwODIwLzE1MzQ3MDc2NTNfNWI3OWM3YzViYjVlZS5wbmciIGNsYXNzPSJoaWdoc2xpZGUtaW1hZ2UiIHRhcmdldD0iX2JsYW5rIj48aW1nIGFsdD0iNS5wbmciIHNyYz0iaHR0cDovL2ltYWdlLjMwMDEubmV0L2ltYWdlcy8yMDE4MDgyMC8xNTM0NzA3NjUzXzViNzljN2M1YmI1ZWUucG5nIXNtYWxsIiBzdHlsZT0iZGlzcGxheTogYmxvY2s7IiB3aWR0aD0iNjkwIi8+PC9hPjwvcD48cD48c3Ryb25nPlBheWxvYWTvvJo8L3N0cm9uZz7mnIDlkI7vvIzor6XohJrmnKzkvJrpgJrov4flj43lsITlnotQReazqOWFpeadpeWKoOi9vVBF5paH5Lu25bm25ZCv5Yqo5oyW55+/56iL5bqP44CCPC9wPjxwPuWcqOWFtuS4reS4gOS4qlBvd2VyR2hvc3TmoLfmnKzkuK3vvIznoJTnqbbkurrlkZjov5jlj5HnjrDkuobnlKjkuo7miafooYxERG9T5pS75Ye755qE5Luj56CB77yM5pi+54S2UG93ZXJHaG9zdOeahOS9nOiAhei/mOaDs+mAmui/h+aPkOS+m+mineWklueahEREb1PmlLvlh7vmnI3liqHmnaXotZrlj5blpJblv6vjgII8L3A+PHA+PGEgaHJlZj0iaHR0cDovL2ltYWdlLjMwMDEubmV0L2ltYWdlcy8yMDE4MDgyMC8xNTM0NzA3NjYwXzViNzljN2NjMTkyYmMucG5nIiBjbGFzcz0iaGlnaHNsaWRlLWltYWdlIiB0YXJnZXQ9Il9ibGFuayI+PGltZyBhbHQ9IjYucG5nIiBzcmM9Imh0dHA6Ly9pbWFnZS4zMDAxLm5ldC9pbWFnZXMvMjAxODA4MjAvMTUzNDcwNzY2MF81Yjc5YzdjYzE5MmJjLnBuZyFzbWFsbCIgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyIgd2lkdGg9IjY5MCIvPjwvYT48L3A+PGgzPue7n+iuoeS4juWcsOeQhuWIhuW4gzwvaDM+PHA+UG93ZXJHaG9zdOeahOS4u+imgeaUu+WHu+ebruagh+aYr+S8geS4mueUqOaIt++8jOWboOS4uuagueaNruWug+eahOeJueaAp++8jOWFrOWPuOeahOacrOWcsOWxgOWfn+e9keabtOmAguWQiOS8oOaSreOAgjwvcD48cD48YSBocmVmPSJodHRwOi8vaW1hZ2UuMzAwMS5uZXQvaW1hZ2VzLzIwMTgwODIwLzE1MzQ3MDc2NzNfNWI3OWM3ZDk0ZmFkOS5wbmciIGNsYXNzPSJoaWdoc2xpZGUtaW1hZ2UiIHRhcmdldD0iX2JsYW5rIj48aW1nIGFsdD0iNy5wbmciIHNyYz0iaHR0cDovL2ltYWdlLjMwMDEubmV0L2ltYWdlcy8yMDE4MDgyMC8xNTM0NzA3NjczXzViNzljN2Q5NGZhZDkucG5nIXNtYWxsIiBzdHlsZT0iZGlzcGxheTogYmxvY2s7IiB3aWR0aD0iNTc1Ii8+PC9hPjwvcD48cD7nm67liY3vvIzmhJ/mn5PkuoZQb3dlckdob3N055qE55So5oi35Li76KaB5YiG5biD5Zyo5Y2w5bqm44CB5be06KW/44CB5ZOl5Lym5q+U5Lqa5ZKM5Zyf6ICz5YW2562J5Zu95a6244CCPC9wPjxwPuWNoeW3tOaWr+WfuuWunumqjOWupOeahOS6p+WTgeeahOajgOa1i+agh+ivhuWmguS4i++8mjwvcD48cHJlPkRNOlRyb2phbi5XaW4zMi5HZW5lcmljCgpQRE06RXhwbG9pdC5XaW4zMi5HZW5lcmljCgpIRVVSOlRyb2phbi5XaW4zMi5HZW5lcmljCgpub3QtYS12aXJ1czpIRVVSOlJpc2tUb29sLldpbjMyLkJpdE1pbmVyLmdlbjwvcHJlPjxwPm5hbm9wb29sLm9yZ+WSjG1pbmV4bXIuY29t55qE55S15a2Q6ZKx5YyF5Zyw5Z2A77yaPC9wPjxwcmU+NDNRYkhzQWo0a0hZNVdkV3I3NXF4WEhhcnhUTlFEazJBQm9pWE02eUZhVlBXNlR5VUplaFJvQlZVZkVoS1BOUDRuM0pGdTJIM1BOVTJTZzNaTUs4NXRQWE16VGJIa2IKNDlrV1dIZFpkNU5GSFh2ZUdQUEFuWDhpclg3Z3JjTkxITjJhbk5LaEJBaW5WRkxkMjZuOGdYMkVpc2Rha1JWNmgxSGtYYWExWUo3aXozQUh0Sk5LNU1EOTN6NnRWOUg8L3ByZT48aDI+5YWl5L615aiB6IOB5oyH5qCHPC9oMj48cD5DJkPkuLvmnLrlkI3vvJo8L3A+PHByZT51cGRhdGUuN2g0dWtbLl1jb20KCjE4NS4xMjguNDMuNjIKCmluZm8uN2g0dWtbLl1jb208L3ByZT48cD5NRDXvvJo8L3A+PHByZT5BRUVCNDZBODhDOUEzN0ZBNTRDQTJCNjRBRTE3RjI0OAoKNEZFMkRFNkZCQjI3OEU1NkMyM0U5MDQzMkYyMUY2QzgKCjcxNDA0ODE1RjZBMDE3MUEyOURFNDY4NDZFNzhBMDc5Cgo4MUUyMTRBNDEyMEE0MDE3ODA5RjVFNzcxM0I3RUFDODwvcHJlPjxwPjxzdHJvbmcgc3R5bGU9ImNvbG9yOiByZ2IoMTU5LCAxNjMsIDE2OCk7Ij48YnIvPjwvc3Ryb25nPjwvcD48cD48c3Ryb25nIHN0eWxlPSJjb2xvcjogcmdiKDE1OSwgMTYzLCAxNjgpOyI+PHN0cm9uZyBzdHlsZT0iY29sb3I6IHJnYigxNTksIDE2MywgMTY4KTsiPkZC5bCP57yWQWxwaGFfaDRja+e8luivke+8jDwvc3Ryb25nPui9rOi9veadpeiHqkZyZWVCdWYuQ09NPC9zdHJvbmc+PC9wPjwvZGl2PjxwPjxici8+PC9wPg==